What is Prism? If you're the vendor that sold it to the National Security Agency, Prism is a proprietary black box that applies state-of-the-art predictive analytics to big data to infer relationships between known terrorists and their social networks. That's marketing jargon, so let's break it down.

Note that the only thing proprietary in that last paragraph is the vendor's hokey sales pitch. Everything mentioned there can be built with open-source tools, specifically a scalable graph database such as Neo4j and some natural language processing (NLP) libraries from Stanford University. So if you're in government IT or purchasing, don't buy the vendor BS.

First, the graph ...

In theory, every person in the world can be a node on a graph. And every communication between two people is just a relationship between those two unique nodes. So if you were able to compel Verizon and every carrier in the world to give you their complete call records, you could create the world's largest game of Six Degrees of Kevin Bacon.
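The graph idea above can be sketched in a few lines of Python. This is a toy illustration, not what the NSA or Neo4j actually runs: the call records are invented, and "degrees of separation" is just a breadth-first search over an adjacency map.

```python
from collections import deque

# Toy call records: each tuple links two callers (hypothetical data).
call_records = [
    ("alice", "bob"), ("bob", "carol"), ("carol", "dave"),
    ("alice", "erin"), ("erin", "dave"),
]

def build_graph(records):
    """Each person is a node; each call is an undirected edge."""
    graph = {}
    for a, b in records:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def degrees_of_separation(graph, start, target):
    """Breadth-first search: the 'Kevin Bacon number' between two people."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == target:
            return dist
        for neighbor in graph[node]:
            if neighbor not in seen:
                seen.add(neighbor)
                queue.append((neighbor, dist + 1))
    return None  # no connection anywhere in the records

graph = build_graph(call_records)
print(degrees_of_separation(graph, "alice", "dave"))  # 2 (alice -> erin -> dave)
```

The point of a dedicated graph database is that this same query stays fast when the node count is every phone number on Earth rather than five names in a list.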

Supplement those phone records (as the thing that connects two people) with emails, instant messages, known aliases and financial transactions, and your ability to infer relationships dramatically improves.

That, by the way, is the same kind of inference engine that companies such as Amazon use to figure out which products to suggest you buy. It's a more sophisticated way of asking if you want fries with that. Only in this case, instead of advancing commercialism, law enforcement gets to quickly determine the social networks of known terrorists.
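The "want fries with that" inference is, at bottom, co-occurrence counting: people who show up together in many contact lists probably have something in common, just as products bought together get suggested together. A minimal sketch, with invented contact lists:

```python
from collections import Counter
from itertools import combinations

# Hypothetical "baskets": each set is one person's known contacts.
contact_sets = [
    {"t1", "t2", "x"},
    {"t1", "t2", "y"},
    {"t1", "z"},
]

# Count how often two contacts co-occur across people's contact lists --
# the same counting that powers "customers also bought" suggestions.
co_occurrence = Counter()
for contacts in contact_sets:
    for pair in combinations(sorted(contacts), 2):
        co_occurrence[pair] += 1

# Strongest association: t1 and t2 appear together in two contact lists.
print(co_occurrence.most_common(1))  # [(('t1', 't2'), 2)]
```

Swap "contacts" for "purchases" and you have a crude recommender; keep "contacts" and you have a crude social-network inference engine. Same math, different customer.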

This isn't some dystopian Minority Report-like future. This is good old-fashioned policing supplemented by technology. Instead of manually sifting through phone records and drawing lines on a whiteboard between grainy pictures of suspects (a la every serial killer movie you've ever seen), the NSA is using a graphing engine.

And for the best reason possible: to speed up the narrowing of the search.

Next, the NLP ...

So now you know who's communicating with whom. How can you make sense of the content: the billions of hours of real-time voice and email exchanges between people? You certainly don't want to hire tens of millions of analysts to listen, translate and raise their hands whenever someone who's two degrees away from some blind sheikh uses the word jihad.

"The people working at the NSA don't care about your dumb life or your stupid fetish. ... They care about stopping bad guys. And quickly."

The author is (willfully?) naive. This data can be used to undercut economic competition (by just enough that the preferred company gets the contract), to suppress political dissenters, and to keep undesired individuals from attaining positions of power.

Just because most of us aren't important enough to get this data used against us doesn't mean it is never used against anyone.

The technology in question isn't particularly sophisticated right now. The column was meant to question the commonly held fallacy that a system (any system) can figure out who's a terrorist. It can't. The best it can do with today's state of the art is narrow the research that a limited resource pool (intelligence or law enforcement) needs to drill down on. And yes, civil liberties come into play. And now that it's in the open, we (the architects and hackers) should figure out how to help AND respect civil liberties.

The one thing I find questionable is "the craptastic tools that we hand to our police and intelligence communities." For the most part, we don't hand them anything. I worked as a Linux consultant around 2000-2002 and would dearly have loved to slap some people in the NHS into seeing the advantages of open-source and standards-based solutions; the obstacle was decision-makers and bureaucrats who make choices based on the mythical "bottom line" with insufficient regard for best practices. I see the police as no different in terms of interfacing IT with society. If their tools are clumsy and thuggish, it's because they've chosen them, not because we've handed them over. *None* of our so-called "elected representatives" are interested in living up to that moniker, so why would a secret service suddenly start believing in openness and transparency?

Much as I'd like to focus on sharpening the tools for geekish reasons, and aside from getting the authorities interested, there are problems with that approach too. In the interest of avoiding bad statistics, it's impossible to build a graph of communications relationships that doesn't sniff other people's data: if you're analyzing whether T2 is a terrorist because she talks to T1, you have to consider how many non-terrorist communicants she also has, to decide whether their communication is significant or whether she's reasonably well-balanced (talks with other friends on the same network equally, and is only sharing cookie recipes with T1). And that's where the whole civil liberties thing comes in.
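The statistical point above can be made concrete with one fraction. The call counts below are invented, and real analysis would use something stronger than a raw share (baselines, time windows), but even this toy version shows why you can't judge the T1-T2 tie without looking at everyone else T2 talks to:

```python
# Hypothetical call counts for one person, "t2", to each of her contacts.
t2_calls = {"t1": 5, "friend_a": 40, "friend_b": 35, "mom": 60}

def tie_strength(calls, contact):
    """Share of a person's total communication that goes to one contact.

    A low share suggests an incidental tie (cookie recipes); a high
    share suggests the relationship dominates her network.
    """
    return calls[contact] / sum(calls.values())

share = tie_strength(t2_calls, "t1")
print(round(share, 3))  # 0.036 -- t1 is a minor contact; weak evidence
```

Note that the denominator is precisely the problem: computing it means collecting the records of friend_a, friend_b and mom, none of whom are suspects.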

I think the "you are not special" point is valid, but that it also glosses over some of the things that make PRISM troubling. Statistically, the likelihood that the NSA is specifically targeting an InformationWeek reader is pretty low. But for the average citizen to say, "I'm not special because the government is too busy chasing bad guys" presumes that a) the government is good at differentiating good guys and bad guys, and b) that the government defines "bad" the way the rest of us do. In the current administration, maybe these assumptions are valid. But government agencies haven't always drawn the right line between radical rhetoric and genuine extremism (examples range from the targeting of Black Panthers decades ago, to whether DHS had any business monitoring Occupy protestors, to the current debate over whistle-blowing vs. national security). There's also the lack of oversight in a program like PRISM (e.g. a secret court that never says "no" isn't how most people would define "oversight"). I don't think something like PRISM is inherently wrong, per se, but even if we assume the government is only interested in "bad guys," such simple assumptions can still become messy in practice.

Nixon had an enemies list. What makes you think others in government don't follow that strategy? I get your point - I have spouted off on other forums about many government issues. I'm not sweating it. I just assume they are listening. So what? Nothing to be done about it. As GW Bush would say, keep shopping! I hated him and Cheney - still do. Now Obama follows suit. I think that is why you don't want to start such things - these powers are impossible to take away once they have them. He just put "leaking" on a par with terrorism. Absurd.

There will always be bad actors -- even in law enforcement. With or without Prism, those rogues can persecute the innocent. The potential abuse of power however does not negate the need for power. It just requires checks and balances.

What's wrong with our recent discovery (as a nation) isn't that the power exists but that there might not be sufficient controls around it to address abuse. The loudest voices (always) take the extreme positions. The answer is probably a balance in the middle.

As for Tom's point, I don't think that the thousands of editorialists who have already written anti-Prism pieces need to lose sleep about NSA persecution. I wouldn't.

I've been writing under a pseudonym since April. And I'm certainly not doing it out of fear of the government. Given this piece's pro-Prism, pro-law-enforcement position, I'm not sure what I would have to fear. Flowers from the NSA perhaps?

Most IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.

Why should big data be more difficult to secure? In a word, variety. But the business won’t wait to use it to predict customer behavior, find correlations across disparate data sources, predict fraud or financial risk, and more.